“Javascript is Awesome, but sometimes the things that make it awesome also make it vulnerable”
-Guy Podjarny, CEO and co-founder at Snyk
I decided to do a little research to get an idea of what I would be facing during the boot camp. I stumbled upon a YouTube video titled:
“Writing Secure Node Code — Understanding and Avoiding the Most Common Node.js Security Mistakes”, and decided to see what it was all about.
Going through the video, I realized just how vulnerable our production code can become because of outdated or vulnerable dependencies pulled in from npm. Most of the time (70–80% of it, easily) we use one dependency or another, and each of those dependencies brings its own dependencies along with it; anyone who has read through a package-lock.json file or browsed npmjs knows how deep that tree goes.
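To make that tree concrete, here is an added example (not code from the original post or from Snyk) that walks the `packages` map of a package-lock.json (lockfileVersion 2 or 3), rebuilds who requires whom using Node's node_modules lookup order, and flags any installed copy whose version falls under an advisory. The lockfile, the package names (web-framework, log-lib, header-parser) and the advisory identifiers (DEMO-0001, DEMO-0002) are all constructed for the demo and are not real packages or real vulnerability data.

```javascript
// Added example: audit a package-lock.json "packages" map against an advisory list.
// SAMPLE_LOCK and SAMPLE_ADVISORIES are constructed for the demo; nothing here is real data.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "web-framework": "^1.0.0", "log-lib": "^2.1.0" } },
    "node_modules/web-framework": {
      version: "1.2.0",
      dependencies: { "header-parser": "^0.3.0", "log-lib": "^1.0.0" },
    },
    // web-framework wants an older major of log-lib, so npm nests a second copy under it
    "node_modules/web-framework/node_modules/log-lib": { version: "1.4.2" },
    "node_modules/header-parser": { version: "0.3.1" },
    "node_modules/log-lib": { version: "2.1.5" },
  },
};

// Constructed advisories: every version below `fixedIn` is affected. Not real CVE data.
const SAMPLE_ADVISORIES = {
  "log-lib": [{ id: "DEMO-0001", fixedIn: "1.5.0", title: "constructed example issue" }],
  "header-parser": [{ id: "DEMO-0002", fixedIn: "0.3.0", title: "constructed example issue" }],
};

// Plain x.y.z comparison; prerelease tags and semver ranges are out of scope for this demo.
function versionLt(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Package name installed at a lockfile path ("" is the root project itself).
function nameAt(lockPath, lock) {
  if (lockPath === "") return lock.packages[""].name || "(root)";
  return lockPath.slice(lockPath.lastIndexOf("node_modules/") + "node_modules/".length);
}

// Resolve `name` as required from `fromPath`: its own node_modules first, then each
// ancestor's, ending at the top-level node_modules (the order Node itself searches).
function resolveDep(lock, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (lock.packages[candidate]) return candidate;
    if (base === "") return null; // not in the lockfile (e.g. an optional dep that was skipped)
    const idx = base.lastIndexOf("node_modules/");
    base = idx <= 0 ? "" : base.slice(0, idx - 1); // drop the trailing "/node_modules/<pkg>"
  }
}

// requiredBy: installed path -> lockfile paths of the packages that depend on that copy.
function buildGraph(lock) {
  const requiredBy = {};
  for (const [path, meta] of Object.entries(lock.packages)) {
    for (const dep of Object.keys(meta.dependencies || {})) {
      const target = resolveDep(lock, path, dep);
      if (target === null) continue;
      (requiredBy[target] = requiredBy[target] || []).push(path);
    }
  }
  return requiredBy;
}

// One chain of name@version from the root project down to the installed copy at `target`.
function chainTo(lock, requiredBy, target) {
  const chain = [];
  const seen = new Set();
  let cur = target;
  while (cur !== "" && !seen.has(cur)) {
    seen.add(cur);
    chain.unshift(nameAt(cur, lock) + "@" + lock.packages[cur].version);
    const parents = requiredBy[cur] || [];
    if (parents.length === 0) break;
    cur = parents[0]; // first requirer is enough for a report; a full tool would list all
  }
  chain.unshift(cur === "" ? nameAt("", lock) : "(unreferenced)");
  return chain;
}

// Check every installed copy: the same package can appear several times at different
// versions, and a clean top-level copy does not make a nested older copy safe.
function audit(lock, advisories) {
  const requiredBy = buildGraph(lock);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue;
    const name = nameAt(path, lock);
    for (const adv of advisories[name] || []) {
      if (!versionLt(meta.version, adv.fixedIn)) continue;
      findings.push({
        id: adv.id, package: name, version: meta.version, fixedIn: adv.fixedIn,
        direct: (requiredBy[path] || []).includes(""),
        chain: chainTo(lock, requiredBy, path).join(" > "),
      });
    }
  }
  return findings;
}

for (const f of audit(SAMPLE_LOCK, SAMPLE_ADVISORIES)) {
  console.log(`${f.id}: ${f.package}@${f.version} (${f.direct ? "direct" : "transitive"}), fixed in ${f.fixedIn}; path: ${f.chain}`);
}
```

Run with `node` and the only finding is the nested log-lib@1.4.2 reached through web-framework, even though the project's own log-lib is at 2.1.5: that is exactly the kind of transitive copy you never see in package.json and only notice by reading the lockfile or by letting a tool read it for you.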
To cut a long story short, this was how I discovered Snyk:
A developer-first solution that automates finding & fixing vulnerabilities in your dependencies.
All I had to do was add it to my GitHub repository, just as I had done with Travis-CI and Coveralls (though this was a much easier journey), and it would raise a pull request to fix my vulnerable packages, if there were any.
It is a really good service: it notifies you promptly whenever your code depends on a vulnerable package, and it does not stop at notifying you; it opens the pull request that upgrades the package to a fixed version (where one is available), which keeps the attackers out.